Dark Wallet vs Bitcoin Fog: Battle Of Anonymous Bitcoin Services

With the recent news that SharedCoin has some major security holes, we decided now would be the best time to check out some alternative services.

3596Total views

0Total shares

Anonymity and privacy are quickly becoming a commodity that is in demand. Once seen as the domain of criminals and the paranoid, revelations about intrusive government surveillance and high profile hacks have caused ordinary people to take a long look at how they present themselves online.

The BitLicense regulation shadows over everything in cryptocurrencies. The community is outraged and Bitcoin businesses are either struggling to make sense of it or are moving out of New York all together.

But what the government can't see, can't anger it. There are plenty of legitimate, legal reasons to want anonymity in your transactions. A business doesn't necessarily want how much each of their employees are paid out on the public blockchain for an example. But more than that, for most transactions it is no one's business but your own what you spend your money on. It's a level of privacy most of us have forgotten about in the world of credit cards and multipage long user privacy agreements, but it is still a level of privacy that we fundamentally have the right to. With that in mind, and with the recent revelations about SharedCoin's flaws, we have decided that a look into the most secure and popular ways to anonymize your coins is probably appropriate.

First thing first, the popular mixing service SharedCoin, notably offered by Blockchain.info is not enough to anonymize your coins. Simply looking at the blockchain and matching transactions is enough to determine who sent what to whom in most cases.

Another, arguably more effective way to solve the problem of privacy may be to blend public keys of different users instead of their bitcoins, like the CryptoNote technology does. The concept of “mixing” coins isn't broken however, Blockchain.info's mixing service just doesn't do enough. It doesn't split transactions, it doesn't randomize the time that they come out or take other precautions that would make “tracking” coins more difficult.

Something that must be understood is that Bitcoins don't actually exist. You can't “track” a coin through the system in the same way you could mark a dollar bill. They are only numbers on the blockchain, with different wallets all holding different amounts. If person A sends person B a bitcoin, one BTC worth is subtracted from person A's account and person B's account is moved up one. The miners on the blockchain make sure person A had “enough” to cover the transaction, but there weren't actual things moving from one wallet to the next.

If the government, or marketing researchers, or anyone else wants to “track” bitcoin through a system they are simply watching the changing in values of each of the wallets. They see that person A increased person B's value on the blockchain at the expense of their own (or, more specifically, that wallet A increased wallet B's value). If someone wanted to increase their anonyminity they could send it to a wallet in the middle. Wallet A sends some bitcoin to wallet C who then passes it on to wallet B. But even then, authorities can see it move from one wallet to the next, able to easily work backwards until they find the source.

The idea of coin mixing is to have a service that takes a bunch of coins from a bunch of different people and then distribute coins back to people to other wallets that are not connected to their online persona. By sending out different amounts and sending them out at different intervals, it becomes much more difficult to figure out who originally controlled what.

There have been several services that have done this for people, some of which have disappeared into the night, others that have stuck around. We are going to look at one service that offers possibly the most anonymous bitcoin experience possible, but still depends on a centralized service that requires a level of trust and another that is an Alpha version of a decentralized system that, unfortunately, finds itself built on the insecure base of Chrome.

They represent two different approaches to the same problem. Darkwallet is new age and is (or at some point will be) completely free from third party dependency. Bitcoin Fog, for the most part, does it the way Bitcoin mixers have for years, but does it with the most secure methods possible.

So which is better?

Darkwallet is a plugin for Chrome, which has to have some security concerns. The developers and its fans can tell me all day that the service is anonymous, but as long as it is built on the leaky structure that is Google's Chrome browser, I will remain hesitant to trust it completely.

To get it running, you have to enable developer options for Chrome. Once you do that, it is as easy as installing any other Chrome Plugin. Inside, you'll find a very user friendly setup that gives you the option to reload your wallet from a seed made up of randomly generated words, or make a new wallet. The seed is so you can access your wallet from another computer, or if you somehow lose your login information.

After everything is set up you'll find a few different “pockets” made for you already: spending, business and savings. Each of those are broken down into further wallets, which are created for individual transactions and are called "pockets."

There is a contacts tab that comes preloaded with contacts to the darkwallet team and the libbitcoin team. Users can use those contacts to make donations. Presumably, you can find other contacts in the “lobby” tab, which acts as a troll box. Each time you join, you get a new identity, so it isn't immediately apparent how you add contacts within Dark Wallet.

The Lobby is intended to let users ask questions and keep each other entertained. However, I have found it to be empty most of the time and when there were people in it, they were often trying to impersonate the Dark Wallet team and was asking for donations (tip: don't give those scammers any money).

As this is an Alpha release, there are a few bugs, even a few known ones that haven't been worked out yet. For my first transaction, I sent to an address under my testing wallet labeled “pocket” (as opposed to unused) and they never showed up. Coins sent to the addresses labeled “unused” appeared almost immediately.

The bug is known, and it has a work around. It is not the most user friendly work around, but if you accidentally send a large amount of bitcoin to that address, the funds are recoverable. Again, this is an Alpha release, so some bugs are expected and they will presumably be ironed out as Dark Wallet moves toward a Beta and then full scale release. That said, it does detract from one of Dark Wallet's biggest strengths, which is that it is extremely user friendly once it is installed.

Still, the multiple receiving and sending addresses and the built in CoinJoin function make Dark Wallet one of the best ways to “wash” your bitcoins, without a fee beyond the miner fee and potentially (once it moves into beta) without trusting a third party. However, the dependence on Chrome will always be a concern so long as it depends on it. If your computer and your browser are secure, there shouldn't be a problem, but Chrome is notoriously insecure.

Bitcoin Fog is more centralized and traditional. That comes with its own set of risks and advantages. While Dark Wallet is currently fairly centralized in its Alpha form, and requires some trust because the server could go down at any moment, Bitcoin Fog requires you to trust an anonymous person or company. You have to assume that he or she isn't keeping records past their claimed time (one week) or that the person isn't actually a nefarious party.

There is a clear net portal that will tell you how to access Bitcoin Fog, but the actual site is hidden within the Tor network. The clear net (also known as “the regular internet”) site has a link to a gateway that is supposed to make the site accessible using a normal browser, but at press time it doesn't work. The clear net also erroneously states that 0.3 BTC is the minimum withdraw amount, it is actually 0.035 BTC.

Once you find your way inside the site, things couldn't be simpler. It is a no frills design but you probably don't want a bunch of fancy graphics for a site providing such a service and since the Tor browser doesn't support the powerful (but insecure) add-ons like Flash and Java, that is likely by necessity anyway.

I transferred Bitcoin from my Coinbase account to the Darkwallet in two seperate transactions, used the built in coinjoin mixer and then sent it to a Blockchain.info created address. I did the same with Bitcoin Fog, sending money in two transactions and then sent it to two different Blockchain.info addresses after waiting six hours (the minimum wait time). I then had four separate addresses, two receiving their bitcoins from Darkwallet and the other two from Bitcoin Fog. I then used that Bitcoin to purchase something from a Bitpay supported merchant. I challenge any readers to figure out a way to trace it back to me, if anyone does and posts about it in the comments below, I will update this space. I was personally unable to figure out a way to beat the system.

We are in a transition period in Bitcoin. When it first became popular, the natural thing for most people to do was to pigeon hole it into systems similar to the ones we are already familiar with: centralized systems. Slowly, or at least more slowly than our impatient minds would like, the tools are being built allow more things to be done in a decentralized manner. Anonymity is clearly better off in a decentralized system, and the Dark wallet looks to be developing into something special. However, it isn't there yet, and the developers admit as much. The bugs are annoying, and it always feels like it is moments from going down, as if it were held together by bubble gum and paper clips.

Bitcoin Fog on the other hand, runs like a finely tuned machine. It is a relic of the old, centralized systems, and if you put your bitcoins in it, you have to assume the worst case scenario, one entity theoretically knows everything about your “hidden” transactions. The hidden entity behind Bitcoin Fog claims to destroy records every week, but there is no way to confirm that.

If you can live with that initial level of trust, then you have a great service. They enforce good practices, like waiting at least six hours before sending your money out, which can be good or bad, depending on your perspective. It ensures your coins are safe, but takes away some freedom of choice.

Neither place is a good option for storing bitcoins long term. Both, if they are going to be used, should hold coins only long enough to maximize the service's effectiveness.

As for which is better, if you can find it in yourself to trust Bitcoin Fog, it is a more enjoyable service at present time. However, as Dark wallet improves, it will become more decentralized and less buggy, making it not only more secure, but also more feature packed. But promises are only promises, so Bitcoin Fog holds some key advantages at this point.

If you can't grit your teeth and force yourself to trust Bitcoin Fog, then Dark wallet is perhaps your only reasonable choice for washing bitcoins. You could always switch blockchains by buying an altcoin on one exchange then selling them on another exchange, but that would likely involve multiple fake emails for sign-up purposes, the trust of the relatively few exchanges out there and the extreme volatility of altcoin markets.

All told, both are fine services, and the paranoid may do well to utilize them both in conjunction. In such a case, even Blockchain.info's incredibly flawed SharedCoin feature would be helpful. The law may finally be interested in Bitcoin, but that doesn't mean it has caught up quite yet.

Did you enjoy this article? You may also be interested in reading these ones: